예제 #1
0
        private bool Handshake(ServerAsyncEventArgs ie, Server <C> .Connection <C> connection)
        {
            int num = 0;
            ServerAsyncEventArgs serverAsyncEventArgs = null;
            SspiContext          sspiContext          = connection.SspiContext;
            SecBufferDescEx      secBufferDescEx      = sspiContext.SecBufferDesc2[0];
            SecBufferDescEx      secBufferDescEx2     = sspiContext.SecBufferDesc2[1];
            bool result;

            try
            {
                if (sspiContext.Buffer.IsValid && ie != null && !sspiContext.Buffer.CopyTransferredFrom(ie, 0))
                {
                    result = false;
                }
                else
                {
                    while (true)
                    {
                        secBufferDescEx.Buffers[0].BufferType = BufferType.SECBUFFER_TOKEN;
                        if (sspiContext.Buffer.IsValid)
                        {
                            this.SetSecBuffer(ref secBufferDescEx.Buffers[0], sspiContext);
                        }
                        else
                        {
                            this.SetSecBuffer(ref secBufferDescEx.Buffers[0], ie);
                        }
                        secBufferDescEx.Buffers[1].SetBufferEmpty();
                        if (serverAsyncEventArgs == null)
                        {
                            serverAsyncEventArgs = EventArgsManager.Get();
                        }
                        serverAsyncEventArgs.AllocateBuffer();
                        secBufferDescEx2.Buffers[0].BufferType = BufferType.SECBUFFER_TOKEN;
                        secBufferDescEx2.Buffers[0].Size       = serverAsyncEventArgs.Count;
                        secBufferDescEx2.Buffers[0].Buffer     = serverAsyncEventArgs.Buffer;
                        secBufferDescEx2.Buffers[0].Offset     = serverAsyncEventArgs.Offset;
                        secBufferDescEx2.Buffers[1].SetBufferEmpty();
                        int            contextReq = 98332;
                        SafeCtxtHandle handle     = sspiContext.Handle.IsInvalid ? new SafeCtxtHandle() : sspiContext.Handle;
                        long           num2;
                        SecurityStatus securityStatus = Sspi.SafeAcceptSecurityContext(ref this.credential, ref sspiContext.Handle, ref secBufferDescEx, contextReq, TargetDataRep.SECURITY_NATIVE_DREP, ref handle, ref secBufferDescEx2, out num, out num2);
                        if (sspiContext.Handle.IsInvalid)
                        {
                            sspiContext.Handle = handle;
                        }
                        SecurityStatus securityStatus2 = securityStatus;
                        if (securityStatus2 == (SecurityStatus)2148074264u)
                        {
                            break;
                        }
                        if (securityStatus2 != (SecurityStatus)2148074273u)
                        {
                            if ((securityStatus == SecurityStatus.SEC_I_CONTINUE_NEEDED || securityStatus == SecurityStatus.SEC_E_OK || (Sspi.Failed(securityStatus) && (num & 32768) != 0)) && secBufferDescEx2.Buffers[0].Size > 0)
                            {
                                serverAsyncEventArgs.Count = secBufferDescEx2.Buffers[0].Size;
                                serverAsyncEventArgs.CopyAddressesFrom(ie);
                                serverAsyncEventArgs.LocalEndPoint = base.GetLocalEndpoint(ie.RemoteEndPoint.Address);
                                base.SendAsync(connection, serverAsyncEventArgs);
                                serverAsyncEventArgs = null;
                            }
                            int bufferIndex = secBufferDescEx.GetBufferIndex(BufferType.SECBUFFER_EXTRA, 0);
                            if (bufferIndex < 0)
                            {
                                sspiContext.Buffer.Free();
                            }
                            else if (sspiContext.Buffer.IsInvalid)
                            {
                                if (!sspiContext.Buffer.CopyTransferredFrom(ie, ie.BytesTransferred - secBufferDescEx.Buffers[bufferIndex].Size))
                                {
                                    goto Block_21;
                                }
                            }
                            else
                            {
                                sspiContext.Buffer.MoveToBegin(sspiContext.Buffer.BytesTransferred - secBufferDescEx.Buffers[bufferIndex].Size, secBufferDescEx.Buffers[bufferIndex].Size);
                            }
                            SecurityStatus securityStatus3 = securityStatus;
                            if (securityStatus3 == SecurityStatus.SEC_E_OK)
                            {
                                goto IL_2FF;
                            }
                            if (securityStatus3 != SecurityStatus.SEC_I_CONTINUE_NEEDED)
                            {
                                goto Block_23;
                            }
                            if (bufferIndex < 0)
                            {
                                goto Block_25;
                            }
                        }
                        else
                        {
                            if (serverAsyncEventArgs.Count >= this.maxTokenSize)
                            {
                                goto IL_1DC;
                            }
                            serverAsyncEventArgs.Count = this.maxTokenSize;
                            serverAsyncEventArgs.ReAllocateBuffer(false);
                        }
                    }
                    if (sspiContext.Buffer.IsInvalid && !sspiContext.Buffer.CopyTransferredFrom(ie, 0))
                    {
                        result = false;
                        return(result);
                    }
                    result = true;
                    return(result);

IL_1DC:
                    result = false;
                    return(result);

Block_21:
                    result = false;
                    return(result);

Block_23:
                    result = false;
                    return(result);

IL_2FF:
                    if (Sspi.SafeQueryContextAttributes(ref sspiContext.Handle, out sspiContext.StreamSizes) != SecurityStatus.SEC_E_OK)
                    {
                        result = false;
                        return(result);
                    }
                    sspiContext.Connected = true;
                    this.OnNewConnection(connection);
                    result = true;
                    return(result);

Block_25:
                    result = true;
                }
            }
            finally
            {
                if (serverAsyncEventArgs != null)
                {
                    EventArgsManager.Put(ref serverAsyncEventArgs);
                }
            }
            return(result);
        }
            public ErrorCodes Authentication(SafeCredHandle credHandle, byte[] inToken, out ArraySegment <byte> outToken)
            {
                idleTime = DateTime.UtcNow.AddMinutes(IdleMinutes);

                InitializeThreadStaticVars();

                secBufferDesc1.Buffers[0].SetBuffer(BufferType.SECBUFFER_TOKEN, inToken);
                secBufferDesc1.Buffers[1].SetBufferEmpty();

                secBufferDesc2.Buffers[0].SetBuffer(BufferType.SECBUFFER_TOKEN, bytes1);
                secBufferDesc2.Buffers[1].SetBufferEmpty();

                var newHandle = (contextHandle.IsInvalid) ? new SafeCtxtHandle() : contextHandle;

                var result = Sspi.SafeAcceptSecurityContext(
                    ref credHandle,
                    ref contextHandle,
                    ref secBufferDesc1,
                    (int)(ContextReq.ASC_REQ_INTEGRITY | ContextReq.ASC_REQ_IDENTIFY |
                          ((scheme == AuthSchemes.Ntlm) ? ContextReq.ASC_REQ_DATAGRAM : ContextReq.ASC_REQ_MUTUAL_AUTH)),
                    TargetDataRep.SECURITY_NETWORK_DREP,
                    ref newHandle,
                    ref secBufferDesc2);

                Tracer.WriteInformation("Auth: " + result.ToString());

                if (contextHandle.IsInvalid && newHandle.IsInvalid == false)
                {
                    contextHandle = newHandle;
                }

                if (result == SecurityStatus.SEC_E_OK)
                {
                    outToken = new ArraySegment <byte>();
                    isAuthenticationComplete = true;

                    SecPkgContext_Sizes sizes;
                    if (Sspi.Failed(Sspi.SafeQueryContextAttributes(ref contextHandle, out sizes)))
                    {
                        return(ErrorCodes.QueryContextAttributesForSizesFailed);
                    }
                    maxSignatureSize = sizes.cbMaxSignature;

                    if (Sspi.Failed(Sspi.SafeQueryContextAttributes(ref contextHandle, out userName)))
                    {
                        return(ErrorCodes.QueryContextAttributesForUsernameFailed);
                    }

                    int slash = userName.IndexOf('\\');
                    if (slash >= 0)
                    {
                        userName = userName.Substring(slash + 1);
                    }

                    Tracer.WriteInformation("Username: " + userName);

                    expireTime = DateTime.UtcNow.AddHours(ExpirationHours);

                    return(ErrorCodes.Ok);
                }
                else if (result == SecurityStatus.SEC_I_CONTINUE_NEEDED)
                {
                    outToken = new ArraySegment <byte>(bytes1, 0, secBufferDesc2.Buffers[0].Size);
                    return(ErrorCodes.Continue);
                }
                else
                {
                    outToken = new ArraySegment <byte>();
                    return(ErrorCodes.SecurityViolation);
                }
            }
예제 #3
0
        private unsafe bool Handshake(ServerAsyncEventArgs ie, Connection <C> connection)
        {
            int contextAttr         = 0;
            ServerAsyncEventArgs oe = null;
            var context             = connection.SspiContext;
            var input  = context.SecBufferDesc2[0];
            var output = context.SecBufferDesc2[1];

            try
            {
                if (context.Buffer.IsValid && ie != null)
                {
                    if (context.Buffer.CopyTransferredFrom(ie, 0) == false)
                    {
                        return(false);
                    }
                }

                for (; ;)
                {
                    // prepare input buffer
                    //
                    input.Buffers[0].BufferType = BufferType.SECBUFFER_TOKEN;
                    if (context.Buffer.IsValid)
                    {
                        SetSecBuffer(ref input.Buffers[0], context);
                    }
                    else
                    {
                        SetSecBuffer(ref input.Buffers[0], ie);
                    }

                    input.Buffers[1].SetBufferEmpty();


                    // prepare output buffer
                    //
                    if (oe == null)
                    {
                        oe = EventArgsManager.Get();
                    }
                    oe.AllocateBuffer();

                    output.Buffers[0].BufferType = BufferType.SECBUFFER_TOKEN;
                    output.Buffers[0].Size       = oe.Count;
                    output.Buffers[0].Buffer     = oe.Buffer;
                    output.Buffers[0].Offset     = oe.Offset;

                    output.Buffers[1].SetBufferEmpty();


                    // prepare some args and call SSPI
                    //
                    int contextReq = (int)(ContextReq.ASC_REQ_SEQUENCE_DETECT |
                                           ContextReq.ASC_REQ_REPLAY_DETECT |
                                           ContextReq.ASC_REQ_CONFIDENTIALITY |
                                           ContextReq.ASC_REQ_EXTENDED_ERROR |
                                           ContextReq.ASC_REQ_STREAM);

                    var newHandle = (context.Handle.IsInvalid) ? new SafeCtxtHandle() : context.Handle;

                    long timeStamp;

                    var result = Sspi.SafeAcceptSecurityContext(
                        ref credential,
                        ref context.Handle,
                        ref input,
                        contextReq,
                        TargetDataRep.SECURITY_NATIVE_DREP,
                        ref newHandle,
                        ref output,
                        out contextAttr,
                        out timeStamp);

                    if (context.Handle.IsInvalid)
                    {
                        context.Handle = newHandle;
                    }


                    // proccess non-critical errors
                    //
                    switch (result)
                    {
                    case SecurityStatus.SEC_E_INCOMPLETE_MESSAGE:

                        if (context.Buffer.IsInvalid)
                        {
                            if (context.Buffer.CopyTransferredFrom(ie, 0) == false)
                            {
                                return(false);
                            }
                        }
                        return(true);


                    case SecurityStatus.SEC_E_BUFFER_TOO_SMALL:

                        if (oe.Count < maxTokenSize)
                        {
                            oe.Count = maxTokenSize;
                            oe.ReAllocateBuffer(false);
                            continue;
                        }
                        return(false);
                    }


                    // send response to client
                    //
                    if (result == SecurityStatus.SEC_I_CONTINUE_NEEDED || result == SecurityStatus.SEC_E_OK ||
                        (Sspi.Failed(result) && (contextAttr & (int)ContextAttr.ASC_RET_EXTENDED_ERROR) != 0))
                    {
                        if (output.Buffers[0].Size > 0)
                        {
                            oe.Count = output.Buffers[0].Size;
                            oe.CopyAddressesFrom(ie);
                            oe.LocalEndPoint = GetLocalEndpoint(ie.RemoteEndPoint.Address);

                            base.SendAsync(connection, oe);
                            oe = null;
                        }
                    }


                    // move extra data to buffer
                    //
                    int extraIndex = input.GetBufferIndex(BufferType.SECBUFFER_EXTRA, 0);

                    if (extraIndex < 0)
                    {
                        context.Buffer.Free();
                    }
                    else
                    {
                        if (context.Buffer.IsInvalid)
                        {
                            if (context.Buffer.CopyTransferredFrom(ie,
                                                                   ie.BytesTransferred - input.Buffers[extraIndex].Size) == false)
                            {
                                return(false);
                            }
                        }
                        else
                        {
                            context.Buffer.MoveToBegin(context.Buffer.BytesTransferred - input.Buffers[extraIndex].Size,
                                                       input.Buffers[extraIndex].Size);
                        }
                    }


                    // proccess error-codes
                    //
                    switch (result)
                    {
                    case SecurityStatus.SEC_E_OK:

                        if (Sspi.SafeQueryContextAttributes(ref context.Handle, out context.StreamSizes)
                            != SecurityStatus.SEC_E_OK)
                        {
                            return(false);
                        }

                        context.Connected = true;
                        OnNewConnection(connection);

                        return(true);


                    case SecurityStatus.SEC_I_CONTINUE_NEEDED:

                        if (extraIndex >= 0)
                        {
                            continue;
                        }

                        return(true);


                    default:
                        return(false);
                    }
                }
            }
            finally
            {
                if (oe != null)
                {
                    EventArgsManager.Put(ref oe);
                }
            }
        }